{"id":66874,"date":"2024-06-16T11:30:57","date_gmt":"2024-06-16T08:00:57","guid":{"rendered":"https:\/\/nabfollower.com\/blog\/implement-a-devsecops-pipeline-with-github-actions-2lbb\/"},"modified":"2024-06-16T11:30:57","modified_gmt":"2024-06-16T08:00:57","slug":"implement-a-devsecops-pipeline-with-github-actions-2lbb","status":"publish","type":"post","link":"https:\/\/nabfollower.com\/blog\/implement-a-devsecops-pipeline-with-github-actions-2lbb\/","title":{"rendered":"\u06cc\u06a9 \u062e\u0637 \u0644\u0648\u0644\u0647 DevSecOps \u0631\u0627 \u0628\u0627 \u0627\u0642\u062f\u0627\u0645\u0627\u062a GitHub \u067e\u06cc\u0627\u062f\u0647 \u0633\u0627\u0632\u06cc \u06a9\u0646\u06cc\u062f"},"content":{"rendered":"<div data-article-id=\"1890035\" id=\"article-body\">\n<div id=\"ez-toc-container\" class=\"ez-toc-v2_0_84 counter-hierarchy ez-toc-counter-rtl ez-toc-grey ez-toc-container-direction\">\n<div class=\"ez-toc-title-container\">\n<p class=\"ez-toc-title\" style=\"cursor:inherit\">\u0641\u0647\u0631\u0633\u062a \u0645\u0637\u0627\u0644\u0628<\/p>\n<span class=\"ez-toc-title-toggle\"><a href=\"#\" class=\"ez-toc-pull-right ez-toc-btn ez-toc-btn-xs ez-toc-btn-default ez-toc-toggle\" aria-label=\"Toggle Table of Content\"><span class=\"ez-toc-js-icon-con\"><span class=\"\"><span class=\"eztoc-hide\" style=\"display:none;\">Toggle<\/span><span class=\"ez-toc-icon-toggle-span\"><svg style=\"fill: #999;color:#999\" xmlns=\"http:\/\/www.w3.org\/2000\/svg\" class=\"list-377408\" width=\"20px\" height=\"20px\" viewBox=\"0 0 24 24\" fill=\"none\"><path d=\"M6 6H4v2h2V6zm14 0H8v2h12V6zM4 11h2v2H4v-2zm16 0H8v2h12v-2zM4 16h2v2H4v-2zm16 0H8v2h12v-2z\" fill=\"currentColor\"><\/path><\/svg><svg style=\"fill: #999;color:#999\" class=\"arrow-unsorted-368013\" xmlns=\"http:\/\/www.w3.org\/2000\/svg\" width=\"10px\" height=\"10px\" viewBox=\"0 0 24 24\" version=\"1.2\" baseProfile=\"tiny\"><path d=\"M18.2 9.3l-6.2-6.3-6.2 6.3c-.2.2-.3.4-.3.7s.1.5.3.7c.2.2.4.3.7.3h11c.3 0 
.5-.1.7-.3.2-.2.3-.5.3-.7s-.1-.5-.3-.7zM5.8 14.7l6.2 6.3 6.2-6.3c.2-.2.3-.5.3-.7s-.1-.5-.3-.7c-.2-.2-.4-.3-.7-.3h-11c-.3 0-.5.1-.7.3-.2.2-.3.5-.3.7s.1.5.3.7z\"\/><\/svg><\/span><\/span><\/span><\/a><\/span><\/div>\n<nav><ul class='ez-toc-list ez-toc-list-level-1 ' ><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-1\" href=\"https:\/\/nabfollower.com\/blog\/implement-a-devsecops-pipeline-with-github-actions-2lbb\/#%D9%85%D9%82%D8%AF%D9%85%D9%87_%E2%80%93_%D8%AA%D9%88%D9%84%D8%AF_DevSecOps\" >\u0645\u0642\u062f\u0645\u0647 &#8211; \u062a\u0648\u0644\u062f DevSecOps<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-2\" href=\"https:\/\/nabfollower.com\/blog\/implement-a-devsecops-pipeline-with-github-actions-2lbb\/#%D8%B4%D8%B1%D8%A7%DB%8C%D8%B7_%D8%A7%D9%85%D9%86%DB%8C%D8%AA%DB%8C\" >\u0634\u0631\u0627\u06cc\u0637 \u0627\u0645\u0646\u06cc\u062a\u06cc<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-3\" href=\"https:\/\/nabfollower.com\/blog\/implement-a-devsecops-pipeline-with-github-actions-2lbb\/#%D8%A7%D9%82%D8%AF%D8%A7%D9%85%D8%A7%D8%AA_GitHub\" >\u0627\u0642\u062f\u0627\u0645\u0627\u062a GitHub<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-4\" href=\"https:\/\/nabfollower.com\/blog\/implement-a-devsecops-pipeline-with-github-actions-2lbb\/#%DA%AF%D8%B1%D8%AF%D8%B4_%DA%A9%D8%A7%D8%B1_%D9%85%D8%A7\" >\u06af\u0631\u062f\u0634 \u06a9\u0627\u0631 \u0645\u0627<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-5\" href=\"https:\/\/nabfollower.com\/blog\/implement-a-devsecops-pipeline-with-github-actions-2lbb\/#%D8%B9%DB%8C%D8%A8_%DB%8C%D8%A7%D8%A8%DB%8C\" >\u0639\u06cc\u0628 \u06cc\u0627\u0628\u06cc<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-6\" 
href=\"https:\/\/nabfollower.com\/blog\/implement-a-devsecops-pipeline-with-github-actions-2lbb\/#%D9%85%D9%86%D8%A7%D8%A8%D8%B9\" >\u0645\u0646\u0627\u0628\u0639<\/a><\/li><\/ul><\/nav><\/div>\n<h2><span class=\"ez-toc-section\" id=\"%D9%85%D9%82%D8%AF%D9%85%D9%87_%E2%80%93_%D8%AA%D9%88%D9%84%D8%AF_DevSecOps\"><\/span>\n<p>  \u0645\u0642\u062f\u0645\u0647 &#8211; \u062a\u0648\u0644\u062f DevSecOps<br \/>\n<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>\u062f\u0627\u0633\u062a\u0627\u0646 DevSecOps \u062f\u0627\u0633\u062a\u0627\u0646 \u062a\u0648\u0633\u0639\u0647 \u0646\u0631\u0645 \u0627\u0641\u0632\u0627\u0631 \u0631\u0627 \u0627\u0632 \u0646\u0632\u062f\u06cc\u06a9 \u062f\u0646\u0628\u0627\u0644 \u0645\u06cc \u06a9\u0646\u062f.  \u0645\u0627 \u062f\u06cc\u062f\u06cc\u0645 \u06a9\u0647 \u0686\u06af\u0648\u0646\u0647 \u0635\u0646\u0639\u062a \u0627\u0632 Waterfall \u0628\u0647 Agile \u0645\u0646\u062a\u0642\u0644 \u0634\u062f \u0648 \u0647\u0645\u0647 \u0686\u06cc\u0632 \u0628\u0639\u062f \u0627\u0632 Agile \u062a\u063a\u06cc\u06cc\u0631 \u06a9\u0631\u062f.  \u0628\u0627 \u0686\u0631\u062e\u0647 \u0647\u0627\u06cc \u062a\u0648\u0633\u0639\u0647 \u0628\u0633\u06cc\u0627\u0631 \u06a9\u0648\u062a\u0627\u0647 \u062a\u0631\u060c \u0646\u06cc\u0627\u0632 \u0628\u0647 \u0627\u0633\u062a\u0642\u0631\u0627\u0631 \u0633\u0631\u06cc\u0639\u062a\u0631 \u062f\u0631 \u062a\u0648\u0644\u06cc\u062f \u0646\u06cc\u0632 \u0648\u062c\u0648\u062f \u062f\u0627\u0634\u062a. 
<\/p>\n<p>\u062f\u06cc\u06af\u0631 \u0628\u0631\u0627\u06cc \u062a\u06cc\u0645\u200c\u0647\u0627\u06cc \u0627\u0645\u0646\u06cc\u062a\u06cc \u0627\u0645\u06a9\u0627\u0646\u200c\u067e\u0630\u06cc\u0631 \u0646\u0628\u0648\u062f \u06a9\u0647 \u062a\u06cc\u0645\u200c\u0647\u0627\u06cc Dev\/Ops \u0645\u0646\u062a\u0638\u0631 \u0628\u0645\u0627\u0646\u0646\u062f \u062a\u0627 \u0627\u0631\u0632\u06cc\u0627\u0628\u06cc \u0622\u0633\u06cc\u0628\u200c\u067e\u0630\u06cc\u0631\u06cc \u0648 \u062a\u0633\u062a \u0646\u0641\u0648\u0630 (VAPT) \u0642\u0628\u0644 \u0627\u0632 \u0627\u0646\u062c\u0627\u0645 \u062a\u063a\u06cc\u06cc\u0631\u0627\u062a \u0628\u0647 \u062a\u0648\u0644\u06cc\u062f \u0628\u0631\u0633\u062f.  \u0627\u06af\u0631 \u0646\u0647\u060c \u0628\u0631\u062a\u0631\u06cc \u062a\u06cc\u0645 \u0631\u0627 \u0628\u0627 \u0633\u0631\u0639\u062a \u0648 \u0686\u0627\u0628\u06a9\u06cc \u0627\u0632 \u0628\u06cc\u0646 \u0645\u06cc \u0628\u0631\u06cc\u0645.<\/p>\n<blockquote>\n<p>DevOps \u0645\u062c\u0645\u0648\u0639\u0647\u200c\u0627\u06cc \u0627\u0632 \u0627\u0642\u062f\u0627\u0645\u0627\u062a \u0627\u0633\u062a \u06a9\u0647 \u0628\u0631\u0627\u06cc \u06a9\u0627\u0647\u0634 \u0632\u0645\u0627\u0646 \u0628\u06cc\u0646 \u0627\u0646\u062c\u0627\u0645 \u062a\u063a\u06cc\u06cc\u0631 \u062f\u0631 \u06cc\u06a9 \u0633\u06cc\u0633\u062a\u0645 \u0648 \u0627\u06cc\u062c\u0627\u062f \u062a\u063a\u06cc\u06cc\u0631 \u062f\u0631 \u062a\u0648\u0644\u06cc\u062f \u0648 \u062f\u0631 \u0639\u06cc\u0646 \u062d\u0627\u0644 \u062a\u0636\u0645\u06cc\u0646 \u06a9\u06cc\u0641\u06cc\u062a \u0628\u0627\u0644\u0627 &#8211; Bass\u060c Weber \u0648 Zhu \u062f\u0631 \u0646\u0638\u0631 \u06af\u0631\u0641\u062a\u0647 \u0634\u062f\u0647 \u0627\u0633\u062a. 
<\/p>\n<\/blockquote>\n<p>\u0637\u0628\u0642 \u062a\u0639\u0631\u06cc\u0641\u060c DevOps \u0642\u0628\u0644\u0627\u064b \u0627\u0645\u0646\u06cc\u062a \u0631\u0627 \u0628\u0647 \u0639\u0646\u0648\u0627\u0646 \u0628\u062e\u0634\u06cc \u0627\u0632 \u0639\u0645\u0644\u06cc\u0627\u062a \u0634\u0627\u0645\u0644 \u0645\u06cc\u200c\u0634\u0648\u062f\u060c \u0627\u0645\u0627 \u0635\u0646\u0639\u062a \u0627\u0645\u0646\u06cc\u062a \u0645\u06cc\u200c\u062e\u0648\u0627\u0633\u062a \u062a\u0645\u0631\u06a9\u0632 \u0648 \u062a\u0627\u06a9\u06cc\u062f \u0628\u06cc\u0634\u062a\u0631\u06cc \u0628\u0631 \u0627\u0645\u0646\u06cc\u062a \u062f\u0627\u0634\u062a\u0647 \u0628\u0627\u0634\u062f\u060c \u0627\u0632 \u0627\u06cc\u0646 \u0631\u0648 \u0627\u0635\u0637\u0644\u0627\u062d DevSecOps \u06cc\u0627 Secure DevOps \u0628\u0647 \u0648\u062c\u0648\u062f \u0622\u0645\u062f.<\/p>\n<h2><span class=\"ez-toc-section\" id=\"%D8%B4%D8%B1%D8%A7%DB%8C%D8%B7_%D8%A7%D9%85%D9%86%DB%8C%D8%AA%DB%8C\"><\/span>\n<p>  \u0634\u0631\u0627\u06cc\u0637 \u0627\u0645\u0646\u06cc\u062a\u06cc<br \/>\n<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>\u0642\u0628\u0644 \u0627\u0632 \u0648\u0631\u0648\u062f \u0628\u0647 \u0645\u0631\u062d\u0644\u0647 \u0627\u062c\u0631\u0627\u060c \u0628\u06cc\u0627\u06cc\u06cc\u062f \u062e\u0648\u062f \u0631\u0627 \u0628\u0627 \u0627\u06cc\u0646 3 \u0627\u0635\u0637\u0644\u0627\u062d \u0627\u0645\u0646\u06cc\u062a\u06cc \u0622\u0634\u0646\u0627 \u06a9\u0646\u06cc\u0645. <\/p>\n<p><strong>SCA<\/strong> &#8211; \u0645\u062e\u0641\u0641 \u0639\u0628\u0627\u0631\u062a Software Composition Analysis \u0627\u0633\u062a.  
\u0627\u06cc\u0646 \u062a\u06a9\u0646\u06cc\u06a9\u06cc \u0627\u0633\u062a \u06a9\u0647 \u0628\u0631\u0627\u06cc \u06cc\u0627\u0641\u062a\u0646 \u0622\u0633\u06cc\u0628\u200c\u067e\u0630\u06cc\u0631\u06cc\u200c\u0647\u0627\u06cc \u0627\u0645\u0646\u06cc\u062a\u06cc \u062f\u0631 \u0645\u0624\u0644\u0641\u0647\u200c\u0647\u0627\u06cc \u0634\u062e\u0635 \u062b\u0627\u0644\u062b \u06a9\u0647 \u062f\u0631 \u067e\u0631\u0648\u0698\u0647\u200c\u0647\u0627\/\u0645\u062d\u0635\u0648\u0644\u0627\u062a \u062e\u0648\u062f \u0627\u0633\u062a\u0641\u0627\u062f\u0647 \u0645\u06cc\u200c\u06a9\u0646\u06cc\u0645\u060c \u0627\u0633\u062a\u0641\u0627\u062f\u0647 \u0645\u06cc\u200c\u0634\u0648\u062f.  \u0622\u0646\u0647\u0627 \u0645\u06cc \u062a\u0648\u0627\u0646\u0646\u062f \u06a9\u062a\u0627\u0628\u062e\u0627\u0646\u0647 \u0647\u0627\u060c \u0628\u0633\u062a\u0647 \u0647\u0627\u06cc\u06cc \u0628\u0627\u0634\u0646\u062f \u06a9\u0647 \u0645\u0627 \u0646\u0635\u0628 \u0645\u06cc \u06a9\u0646\u06cc\u0645.  <\/p>\n<p>\u0627\u0633\u062a\u0641\u0627\u062f\u0647 \u062e\u0648\u0627\u0647\u06cc\u0645 \u06a9\u0631\u062f <strong>Snyk<\/strong> (\u062a\u0644\u0641\u0638 \u0628\u0647 \u0639\u0646\u0648\u0627\u0646 &#8220;Sneak&#8221;) \u0628\u0631\u0627\u06cc \u0627\u0628\u0632\u0627\u0631 SCA \u0645\u0627.  
Snyk \u06cc\u06a9 \u0631\u0627\u0647 \u062d\u0644 SCA \u0628\u0631\u0627\u06cc \u062a\u0648\u0633\u0639\u0647 \u062f\u0647\u0646\u062f\u06af\u0627\u0646 \u0627\u0633\u062a \u06a9\u0647 \u0628\u0647 \u062a\u0648\u0633\u0639\u0647 \u062f\u0647\u0646\u062f\u06af\u0627\u0646 \u06a9\u0645\u06a9 \u0645\u06cc \u06a9\u0646\u062f \u062a\u0627 \u0622\u0633\u06cc\u0628 \u067e\u0630\u06cc\u0631\u06cc \u0647\u0627\u06cc \u0627\u0645\u0646\u06cc\u062a\u06cc \u0648 \u0645\u0633\u0627\u0626\u0644 \u0645\u0631\u0628\u0648\u0637 \u0628\u0647 \u0645\u062c\u0648\u0632 \u0631\u0627 \u062f\u0631 \u0648\u0627\u0628\u0633\u062a\u06af\u06cc \u0647\u0627\u06cc \u0645\u0646\u0628\u0639 \u0628\u0627\u0632 \u067e\u06cc\u062f\u0627 \u06a9\u0646\u0646\u062f\u060c \u0627\u0648\u0644\u0648\u06cc\u062a \u0628\u0646\u062f\u06cc \u0648 \u0631\u0641\u0639 \u06a9\u0646\u0646\u062f.<\/p>\n<ol>\n<li>\u06cc\u06a9 \u062d\u0633\u0627\u0628 SNYK \u0631\u0627\u06cc\u06af\u0627\u0646 \u062f\u0631 SNYK \u0627\u06cc\u062c\u0627\u062f \u06a9\u0646\u06cc\u062f\n<\/li>\n<li>\u0628\u0647 \u062a\u0646\u0638\u06cc\u0645\u0627\u062a \u062d\u0633\u0627\u0628 \u0628\u0631\u0648\u06cc\u062f<\/li>\n<li>\u062a\u0648\u06a9\u0646 Auth \u0631\u0627 \u0627\u06cc\u062c\u0627\u062f \u06a9\u0646\u06cc\u062f<\/li>\n<li>\u0627\u06cc\u0646 \u06a9\u0644\u06cc\u062f \u0634\u0645\u0627 \u062e\u0648\u0627\u0647\u062f \u0628\u0648\u062f <strong>SNYK_TOKEN<\/strong>.  \u0622\u0646 \u0631\u0627 \u062f\u0631 GitHub Actions Secrets \u062e\u0648\u062f \u0630\u062e\u06cc\u0631\u0647 \u06a9\u0646\u06cc\u062f. <\/li>\n<\/ol>\n<p><strong>SAST<\/strong> &#8211; \u0645\u062e\u0641\u0641 Static Application Security Testing \u0627\u0633\u062a.  
\u0627\u06cc\u0646 \u062a\u06a9\u0646\u06cc\u06a9\u06cc \u0627\u0633\u062a \u06a9\u0647 \u0628\u0631\u0627\u06cc \u062a\u062c\u0632\u06cc\u0647 \u0648 \u062a\u062d\u0644\u06cc\u0644 \u06a9\u062f\u0647\u0627\u06cc \u0645\u0646\u0628\u0639\u060c \u06a9\u062f\u0647\u0627\u06cc \u0628\u0627\u06cc\u0646\u0631\u06cc \u0648 \u0628\u0627\u06cc\u062a\u06cc \u0628\u0631\u0627\u06cc \u0622\u0633\u06cc\u0628 \u067e\u0630\u06cc\u0631\u06cc \u0647\u0627\u06cc \u0627\u0645\u0646\u06cc\u062a\u06cc \u0628\u062f\u0648\u0646 \u0627\u062c\u0631\u0627\u06cc \u06a9\u062f \u0627\u0633\u062a\u0641\u0627\u062f\u0647 \u0645\u06cc \u0634\u0648\u062f.  \u0627\u0632 \u0622\u0646\u062c\u0627\u06cc\u06cc \u06a9\u0647 \u06a9\u062f\u0647\u0627 \u062f\u0631 \u062d\u0627\u0644 \u0627\u062c\u0631\u0627 \u0646\u06cc\u0633\u062a\u0646\u062f \u0627\u0645\u0627 \u062f\u0631 \u062d\u0627\u0644\u062a \u0627\u06cc\u0633\u062a\u0627 \u0628\u0631\u0631\u0633\u06cc \u0645\u06cc \u0634\u0648\u0646\u062f\u060c \u0628\u0647 \u0622\u0646 \u062a\u062d\u0644\u06cc\u0644 \u0627\u0633\u062a\u0627\u062a\u06cc\u06a9 \u0645\u06cc \u06af\u0648\u06cc\u0646\u062f.  SAST\u060c SCA \u0648 Linting \u0646\u0645\u0648\u0646\u0647 \u0647\u0627\u06cc \u0645\u0639\u0645\u0648\u0644\u06cc \u0627\u0632 \u062a\u062c\u0632\u06cc\u0647 \u0648 \u062a\u062d\u0644\u06cc\u0644 \u0627\u0633\u062a\u0627\u062a\u06cc\u06a9 \u0647\u0633\u062a\u0646\u062f<\/p>\n<p>\u0628\u0631\u0627\u06cc SAST\u060c \u0645\u0627 \u0627\u0633\u062a\u0641\u0627\u062f\u0647 \u062e\u0648\u0627\u0647\u06cc\u0645 \u06a9\u0631\u062f <strong>SonarCloud<\/strong>.  SonarCloud \u06cc\u06a9 \u0627\u0628\u0632\u0627\u0631 \u062a\u062d\u0644\u06cc\u0644 \u0627\u0633\u062a\u0627\u062a\u06cc\u06a9 \u0645\u0628\u062a\u0646\u06cc \u0628\u0631 \u0627\u0628\u0631 \u0628\u0631\u0627\u06cc \u062e\u0637 \u0644\u0648\u0644\u0647 CI\/CD \u0634\u0645\u0627 \u0627\u0633\u062a.  
\u0627\u0632 \u062f\u0647 \u0647\u0627 \u0632\u0628\u0627\u0646 \u0645\u062d\u0628\u0648\u0628\u060c \u0686\u0627\u0631\u0686\u0648\u0628 \u0647\u0627\u06cc \u062a\u0648\u0633\u0639\u0647 \u0648 \u067e\u0644\u062a\u0641\u0631\u0645 \u0647\u0627\u06cc IaC \u067e\u0634\u062a\u06cc\u0628\u0627\u0646\u06cc \u0645\u06cc \u06a9\u0646\u062f. <\/p>\n<ol>\n<li>\u06cc\u06a9 \u062d\u0633\u0627\u0628 Sonar \u0631\u0627\u06cc\u06af\u0627\u0646 \u062f\u0631 SonarCloud \u0627\u06cc\u062c\u0627\u062f \u06a9\u0646\u06cc\u062f\n<\/li>\n<li>\u062c\u062f\u06cc\u062f \u0627\u06cc\u062c\u0627\u062f \u06a9\u0646\u06cc\u062f <strong>\u0633\u0627\u0632\u0645\u0627\u0646<\/strong> \u0648 <strong>\u067e\u0631\u0648\u0698\u0647<\/strong>\n<\/li>\n<li>\u0628\u0647 \u062d\u0633\u0627\u0628 \u0645\u0646\u060c \u0628\u0631\u06af\u0647 \u0627\u0645\u0646\u06cc\u062a \u0628\u0631\u0648\u06cc\u062f<\/li>\n<li>\u06cc\u06a9 \u062a\u0648\u06a9\u0646 \u062c\u062f\u06cc\u062f \u062a\u0648\u0644\u06cc\u062f \u06a9\u0646\u06cc\u062f<\/li>\n<li>\u0627\u06cc\u0646 \u0646\u0634\u0627\u0646\u0647 \u0628\u0631\u0627\u06cc \u0634\u0645\u0627 \u062e\u0648\u0627\u0647\u062f \u0628\u0648\u062f <strong>SONAR_TOKEN<\/strong>.  \u0622\u0646 \u0631\u0627 \u062f\u0631 GitHub Actions Secrets \u062e\u0648\u062f \u0630\u062e\u06cc\u0631\u0647 \u06a9\u0646\u06cc\u062f. <\/li>\n<\/ol>\n<p><strong>DAST<\/strong> &#8211; \u0645\u062e\u0641\u0641 Dynamic Application Security Testing \u0627\u0633\u062a.  \u0627\u06cc\u0646 \u062a\u06a9\u0646\u06cc\u06a9\u06cc \u0627\u0633\u062a \u06a9\u0647 \u0628\u0631\u0627\u06cc \u062a\u062c\u0632\u06cc\u0647 \u0648 \u062a\u062d\u0644\u06cc\u0644 \u0628\u0631\u0646\u0627\u0645\u0647 \u0647\u0627\u06cc \u062f\u0631 \u062d\u0627\u0644 \u0627\u062c\u0631\u0627 \u0628\u0631\u0627\u06cc \u0622\u0633\u06cc\u0628 \u067e\u0630\u06cc\u0631\u06cc \u0647\u0627\u06cc \u0627\u0645\u0646\u06cc\u062a\u06cc \u0627\u0633\u062a\u0641\u0627\u062f\u0647 \u0645\u06cc \u0634\u0648\u062f.  
\u0627\u0632 \u0622\u0646\u062c\u0627\u06cc\u06cc \u06a9\u0647 \u0628\u0631\u0646\u0627\u0645\u0647 \u062f\u0631 \u062d\u0627\u0644 \u0627\u062c\u0631\u0627 \u0648 \u0628\u0631\u0631\u0633\u06cc \u067e\u0648\u06cc\u0627 \u0627\u0633\u062a\u060c \u0628\u0647 \u0622\u0646 \u062a\u062d\u0644\u06cc\u0644 \u067e\u0648\u06cc\u0627 \u0645\u06cc \u06af\u0648\u06cc\u0646\u062f. <\/p>\n<p>\u0628\u0631\u0627\u06cc DAST\u060c \u0645\u0627 \u0627\u0633\u062a\u0641\u0627\u062f\u0647 \u062e\u0648\u0627\u0647\u06cc\u0645 \u06a9\u0631\u062f <strong>OWASP ZAP<\/strong>.  ZAP \u067e\u0631\u06a9\u0627\u0631\u0628\u0631\u062f\u062a\u0631\u06cc\u0646 \u0627\u0633\u06a9\u0646\u0631 \u0627\u067e\u0644\u06cc\u06a9\u06cc\u0634\u0646 \u0648\u0628 \u062f\u0631 \u062c\u0647\u0627\u0646 \u0627\u0633\u062a.  \u0627\u06cc\u0646 \u06cc\u06a9 \u0627\u0628\u0632\u0627\u0631 \u0631\u0627\u06cc\u06af\u0627\u0646 \u0648 \u0645\u0646\u0628\u0639 \u0628\u0627\u0632 \u062a\u0633\u062a \u0646\u0641\u0648\u0630 \u0627\u0633\u062a \u0648 \u062f\u0631 \u0647\u0633\u062a\u0647 \u0622\u0646\u060c ZAP \u0628\u0647 \u0639\u0646\u0648\u0627\u0646 \u06cc\u06a9 \u067e\u0631\u0648\u06a9\u0633\u06cc \u0645\u0631\u062f \u062f\u0631 \u0648\u0633\u0637 \u0634\u0646\u0627\u062e\u062a\u0647 \u0645\u06cc \u0634\u0648\u062f.  
\u0634\u0645\u0627 \u0645\u06cc \u062a\u0648\u0627\u0646\u06cc\u062f 3 \u0627\u0642\u062f\u0627\u0645 Github \u0645\u062a\u0639\u0644\u0642 \u0628\u0647 OWASP ZAP \u0631\u0627 \u062f\u0631 \u0628\u0627\u0632\u0627\u0631 GitHub \u067e\u06cc\u062f\u0627 \u06a9\u0646\u06cc\u062f.<\/p>\n<h2><span class=\"ez-toc-section\" id=\"%D8%A7%D9%82%D8%AF%D8%A7%D9%85%D8%A7%D8%AA_GitHub\"><\/span>\n<p>  \u0627\u0642\u062f\u0627\u0645\u0627\u062a GitHub<br \/>\n<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>GitHub Actions \u06cc\u06a9 \u067e\u0644\u062a \u0641\u0631\u0645 CI\/CD \u0627\u0633\u062a \u06a9\u0647 \u0628\u0647 \u0645\u0627 \u0627\u0645\u06a9\u0627\u0646 \u0645\u06cc \u062f\u0647\u062f \u062e\u0637 \u0644\u0648\u0644\u0647 \u0633\u0627\u062e\u062a\u060c \u0622\u0632\u0645\u0627\u06cc\u0634 \u0648 \u0627\u0633\u062a\u0642\u0631\u0627\u0631 \u062e\u0648\u062f \u0631\u0627 \u062e\u0648\u062f\u06a9\u0627\u0631 \u06a9\u0646\u06cc\u0645.<\/p>\n<p>\u0645\u06cc \u062a\u0648\u0627\u0646\u06cc\u062f \u0622\u0646 \u0631\u0627 \u062f\u0631 \u0645\u062e\u0632\u0646 \u06a9\u062f \u062e\u0648\u062f \u062f\u0631 GitHub \u067e\u06cc\u062f\u0627 \u06a9\u0646\u06cc\u062f.  
\u0627\u06cc\u0646 \u062a\u0628 Actions \u0627\u0633\u062a.<\/p>\n<p>\u0648 \u0648\u0642\u062a\u06cc \u0631\u0648\u06cc \u0647\u0631 \u06cc\u06a9 \u0627\u0632 \u0627\u06cc\u0646 \u06af\u0631\u062f\u0634\u200c\u0647\u0627\u06cc \u06a9\u0627\u0631\u06cc \u06a9\u0644\u06cc\u06a9 \u0645\u06cc\u200c\u06a9\u0646\u06cc\u062f\u060c \u0645\u06cc\u200c\u062a\u0648\u0627\u0646\u06cc\u062f \u06a9\u0627\u0631\u0647\u0627\u06cc\u06cc \u0631\u0627 \u06a9\u0647 \u062f\u0631 \u0622\u0646 \u06af\u0631\u062f\u0634 \u06a9\u0627\u0631 \u0627\u062c\u0631\u0627 \u0645\u06cc\u200c\u0634\u0648\u0646\u062f\u060c \u0628\u0628\u06cc\u0646\u06cc\u062f.<\/p>\n<p><\/p>\n<p><img decoding=\"async\" src=\"https:\/\/media.dev.to\/cdn-cgi\/image\/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto\/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F2288ui6ut5ht7xyaxcy9.png\" alt=\"\u0646\u0645\u0648\u0646\u0647 \u06af\u0631\u062f\u0634 \u06a9\u0627\u0631 GitHub Actions\" loading=\"lazy\" width=\"512\" height=\"182\" title=\"\"><\/p>\n<p>\u062f\u0631 \u0628\u0627\u0644\u0627 \u06cc\u06a9 \u0646\u0645\u0648\u0646\u0647 \u06af\u0631\u062f\u0634 \u06a9\u0627\u0631 \u0627\u0633\u062a. <\/p>\n<p><strong>\u06af\u0631\u062f\u0634 \u06a9\u0627\u0631<\/strong> \u0641\u0631\u0622\u06cc\u0646\u062f\u0647\u0627\u06cc \u062e\u0648\u062f\u06a9\u0627\u0631\u06cc \u0647\u0633\u062a\u0646\u062f \u06a9\u0647 \u0645\u06cc \u062a\u0648\u0627\u0646\u06cc\u062f \u0628\u0631\u0627\u06cc \u0627\u062c\u0631\u0627\u06cc \u06cc\u06a9 \u06cc\u0627 \u0686\u0646\u062f \u06a9\u0627\u0631 \u067e\u06cc\u06a9\u0631\u0628\u0646\u062f\u06cc \u06a9\u0646\u06cc\u062f.  \u06af\u0631\u062f\u0634 \u06a9\u0627\u0631 \u062a\u0648\u0633\u0637 \u0641\u0627\u06cc\u0644 \u0647\u0627\u06cc YAML \u06a9\u0647 \u062f\u0631 \u0645\u062e\u0632\u0646 \u0634\u0645\u0627 \u0628\u0631\u0631\u0633\u06cc \u0645\u06cc \u0634\u0648\u0646\u062f\u060c \u062a\u0639\u0631\u06cc\u0641 \u0645\u06cc \u0634\u0648\u0646\u062f.  
\u0627\u06cc\u0646 \u0641\u0627\u06cc\u0644 \u0647\u0627\u06cc yaml \u062f\u0631 \u0630\u062e\u06cc\u0631\u0647 \u0645\u06cc \u0634\u0648\u0646\u062f <code>.github\/workflows<\/code> \u0641\u0647\u0631\u0633\u062a \u0631\u0627\u0647\u0646\u0645\u0627.  \u0634\u0645\u0627 \u0645\u06cc\u200c\u062a\u0648\u0627\u0646\u06cc\u062f \u06af\u0631\u062f\u0634\u200c\u0647\u0627\u06cc \u06a9\u0627\u0631\u06cc \u0645\u062a\u0639\u062f\u062f\u06cc \u062f\u0627\u0634\u062a\u0647 \u0628\u0627\u0634\u06cc\u062f \u06a9\u0647 \u0647\u0631 \u06a9\u062f\u0627\u0645 \u0645\u062c\u0645\u0648\u0639\u0647\u200c\u0627\u06cc \u0627\u0632 \u0648\u0638\u0627\u06cc\u0641 \u0631\u0627 \u0627\u0646\u062c\u0627\u0645 \u0645\u06cc\u200c\u062f\u0647\u0646\u062f<\/p>\n<p>\u06af\u0631\u062f\u0634 \u06a9\u0627\u0631 \u0645\u06cc \u062a\u0648\u0627\u0646\u062f \u062a\u0648\u0633\u0637 \u06cc\u06a9 \u0631\u0648\u06cc\u062f\u0627\u062f (\u0628\u0647 \u0639\u0646\u0648\u0627\u0646 \u0645\u062b\u0627\u0644 \u06cc\u06a9 \u062f\u0631\u062e\u0648\u0627\u0633\u062a \u06a9\u0634\u0634 \/ \u0632\u0645\u0627\u0646\u06cc \u06a9\u0647 \u06cc\u06a9 \u062a\u0648\u0633\u0639\u0647 \u062f\u0647\u0646\u062f\u0647 \u06cc\u06a9 \u062a\u063a\u06cc\u06cc\u0631 \u0631\u0627 \u0628\u0647 \u0645\u062e\u0632\u0646 \u06a9\u062f \u0641\u0634\u0627\u0631 \u0645\u06cc \u062f\u0647\u062f) \u0631\u0627\u0647 \u0627\u0646\u062f\u0627\u0632\u06cc \u0634\u0648\u062f.<\/p>\n<p>\u0648\u0642\u062a\u06cc \u0627\u06cc\u0646 \u0627\u062a\u0641\u0627\u0642 \u0628\u06cc\u0641\u062a\u062f\u060c \u06cc\u06a9 \u06cc\u0627 \u0686\u0646\u062f \u0634\u063a\u0644 \u0634\u0631\u0648\u0639 \u0628\u0647 \u0627\u062c\u0631\u0627 \u0645\u06cc \u06a9\u0646\u0646\u062f.<\/p>\n<p><strong>\u0634\u063a\u0644 \u0647\u0627<\/strong> \u0645\u0631\u0627\u062d\u0644 \u0628\u0647 \u062a\u0631\u062a\u06cc\u0628 \u0627\u062c\u0631\u0627 \u0645\u06cc \u0634\u0648\u0646\u062f \u0648 \u0628\u0647 \u06cc\u06a9\u062f\u06cc\u06af\u0631 \u0648\u0627\u0628\u0633\u062a\u0647 
\u0647\u0633\u062a\u0646\u062f.  \u0634\u0645\u0627 \u0645\u06cc \u062a\u0648\u0627\u0646\u06cc\u062f \u062f\u0627\u062f\u0647 \u0647\u0627 \u0631\u0627 \u0627\u0632 \u06cc\u06a9 \u0645\u0631\u062d\u0644\u0647 \u0628\u0647 \u0645\u0631\u062d\u0644\u0647 \u062f\u06cc\u06af\u0631 \u0628\u0647 \u0627\u0634\u062a\u0631\u0627\u06a9 \u0628\u06af\u0630\u0627\u0631\u06cc\u062f \u0632\u06cc\u0631\u0627 \u0622\u0646\u0647\u0627 \u0631\u0648\u06cc \u06cc\u06a9 \u0631\u0627\u0646\u0631 \u0627\u062c\u0631\u0627 \u0645\u06cc \u0634\u0648\u0646\u062f.<\/p>\n<p><strong>\u0631\u0627\u0646\u0631\u0647\u0627 (Runners)<\/strong> \u0633\u0631\u0648\u0631\u0647\u0627\u06cc\u06cc \u0647\u0633\u062a\u0646\u062f \u06a9\u0647 \u0647\u0646\u06af\u0627\u0645 \u0631\u0627\u0647\u200c\u0627\u0646\u062f\u0627\u0632\u06cc\u060c \u06af\u0631\u062f\u0634\u200c\u0647\u0627\u06cc \u06a9\u0627\u0631\u06cc \u0634\u0645\u0627 \u0631\u0627 \u0627\u062c\u0631\u0627 \u0645\u06cc\u200c\u06a9\u0646\u0646\u062f \u0648 GitHub \u0645\u0627\u0634\u06cc\u0646\u200c\u0647\u0627\u06cc \u0645\u062c\u0627\u0632\u06cc \u0644\u06cc\u0646\u0648\u06a9\u0633\u060c \u0648\u06cc\u0646\u062f\u0648\u0632 \u0648 MacOS \u0631\u0627 \u0628\u0631\u0627\u06cc \u0627\u062c\u0631\u0627\u06cc \u06af\u0631\u062f\u0634\u200c\u0647\u0627\u06cc \u06a9\u0627\u0631\u06cc \u062e\u0648\u062f \u062f\u0631 \u0627\u062e\u062a\u06cc\u0627\u0631 \u0634\u0645\u0627 \u0642\u0631\u0627\u0631 \u0645\u06cc\u200c\u062f\u0647\u062f. <\/p>\n<h2><span class=\"ez-toc-section\" id=\"%DA%AF%D8%B1%D8%AF%D8%B4_%DA%A9%D8%A7%D8%B1_%D9%85%D8%A7\"><\/span>\n<p>  \u06af\u0631\u062f\u0634 \u06a9\u0627\u0631 \u0645\u0627<br \/>\n<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>\u062e\u0637 \u0644\u0648\u0644\u0647 DevSecOps \u0645\u0627 \u0627\u0632 3 \u06a9\u0627\u0631 \u062a\u0634\u06a9\u06cc\u0644 \u0634\u062f\u0647 \u0627\u0633\u062a. 
<\/p>\n<p><strong>\u0633\u0627\u062e\u062a\u0646<\/strong> &#8211; \u062f\u0631\u062e\u0648\u0627\u0633\u062a \u0622\u062e\u0631\u06cc\u0646 \u0633\u0631\u0648\u0631 \u0627\u0648\u0628\u0648\u0646\u062a\u0648\u060c \u0646\u0635\u0628 \u0622\u062e\u0631\u06cc\u0646 \u0627\u0642\u062f\u0627\u0645\u0627\u062a github (v4)\u060c \u0646\u0635\u0628 nodeJS \u0646\u0633\u062e\u0647 20\u060c \u0646\u0635\u0628 \u0648\u0627\u0628\u0633\u062a\u06af\u06cc \u0647\u0627\u06cc \u067e\u0631\u0648\u0698\u0647 \u0645\u0627 <code>npm install<\/code>\u060c \u062a\u0633\u062a \u0648\u0627\u062d\u062f \u0645\u0627 \u0631\u0627 \u0627\u062c\u0631\u0627 \u0645\u06cc \u06a9\u0646\u062f <code>npm run test<\/code> \u0648 SAST \u0631\u0627 \u0628\u0627 \u0627\u0633\u062a\u0641\u0627\u062f\u0647 \u0627\u0632 \u0633\u0648\u0646\u0627\u0631 \u0627\u0646\u062c\u0627\u0645 \u0645\u06cc \u062f\u0647\u062f.<\/p>\n<p><strong>SCA<\/strong> &#8211; \u062f\u0631\u062e\u0648\u0627\u0633\u062a \u0628\u0631\u0627\u06cc \u0622\u062e\u0631\u06cc\u0646 \u0633\u0631\u0648\u0631 \u0627\u0648\u0628\u0648\u0646\u062a\u0648 \u0648 \u0628\u0631\u0627\u06cc \u0634\u0631\u0648\u0639 \u0627\u062c\u0631\u0627\u06cc \u0627\u06cc\u0646 \u06a9\u0627\u0631\u060c \u0622\u0646 <em>\u0646\u06cc\u0627\u0632 \u062f\u0627\u0631\u062f<\/em> \u06a9\u0627\u0631 \u0633\u0627\u062e\u062a \u06a9\u0627\u0645\u0644 \u0634\u0648\u062f. \u0622\u062e\u0631\u06cc\u0646 \u0627\u0642\u062f\u0627\u0645\u0627\u062a github (v4) \u0631\u0627 \u0646\u0635\u0628 \u0645\u06cc \u06a9\u0646\u062f \u0648 Snyk \u0631\u0627 \u062f\u0631 \u0645\u0642\u0627\u0628\u0644 \u0645\u062e\u0632\u0646 \u06a9\u062f \u0645\u0627 \u0627\u062c\u0631\u0627 \u0645\u06cc \u06a9\u0646\u062f. \u0627\u0632 \u0622\u0646\u062c\u0627 \u06a9\u0647 \u0627\u06cc\u0646 \u0645\u0631\u062d\u0644\u0647 \u0628\u0627 <code>continue-on-error: true<\/code> \u062a\u0646\u0638\u06cc\u0645 \u0634\u062f\u0647 \u0627\u0633\u062a\u060c \u0622\u0633\u06cc\u0628\u200c\u067e\u0630\u06cc\u0631\u06cc\u200c\u0647\u0627\u06cc \u06af\u0632\u0627\u0631\u0634\u200c\u0634\u062f\u0647 \u062a\u0648\u0633\u0637 Snyk \u0628\u0627\u0639\u062b \u0634\u06a9\u0633\u062a \u062e\u0637 \u0644\u0648\u0644\u0647 \u0646\u0645\u06cc\u200c\u0634\u0648\u0646\u062f.<\/p>\n<p><strong>DAST<\/strong> &#8211; \u0622\u062e\u0631\u06cc\u0646 \u0633\u0631\u0648\u0631 \u0627\u0648\u0628\u0648\u0646\u062a\u0648 \u0631\u0627 \u062f\u0631\u062e\u0648\u0627\u0633\u062a \u0645\u06cc\u200c\u06a9\u0646\u062f\u060c \u0645\u0646\u062a\u0638\u0631 
\u0645\u06cc\u200c\u0645\u0627\u0646\u062f \u062a\u0627 \u06a9\u0627\u0631 SCA \u06a9\u0627\u0645\u0644 \u0634\u0648\u062f\u060c \u0622\u062e\u0631\u06cc\u0646 \u06af\u06cc\u062a\u200c\u0647\u0627\u0628 \u0627\u06a9\u0634\u0646 (v4) \u0631\u0627 \u0628\u0631\u0631\u0633\u06cc \u0645\u06cc\u200c\u06a9\u0646\u062f \u0648 OWASP ZAP \u0631\u0627 \u0628\u0631 \u0631\u0648\u06cc \u06cc\u06a9 \u0648\u0628\u200c\u0633\u0627\u06cc\u062a \u0646\u0645\u0648\u0646\u0647 (example.com) \u0627\u062c\u0631\u0627 \u0645\u06cc\u200c\u06a9\u0646\u062f.<\/p>\n<p>\u06a9\u0644 \u062e\u0637 \u0644\u0648\u0644\u0647 CICD \u0631\u0627 \u0645\u06cc \u062a\u0648\u0627\u0646 \u062a\u0646\u0647\u0627 \u062f\u0631 50 \u062e\u0637 \u06a9\u062f \u0632\u06cc\u0631 \u067e\u06cc\u0627\u062f\u0647 \u0633\u0627\u0632\u06cc \u06a9\u0631\u062f.<\/p>\n<div class=\"highlight js-code-highlight\">\n<pre class=\"highlight plaintext\"><code>name: Build code, run unit test, run SAST, SCA, DAST security scans for NodeJs App\non: push\n\njobs:\n  Build:\n    runs-on: ubuntu-latest\n    name: Unit Test and SAST\n    steps:\n    - uses: actions\/checkout@v4\n    - uses: actions\/setup-node@v4\n      with:\n        node-version: '20.x'\n        cache: npm\n    - name: Install dependencies\n      run: npm install\n    - name: Test and coverage\n      run: npm run test\n    - name: SonarCloud Scan\n      uses: sonarsource\/sonarcloud-github-action@master\n      env:\n        GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}\n        SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}\n      with:\n        args: &gt;\n          -Dsonar.organization=[YOUR_SONAR_ORGANISATION]\n          -Dsonar.projectKey=[YOUR_SONAR_PROJECT]\n  SCA:\n    runs-on: ubuntu-latest\n    needs: Build\n    name: SCA - SNYK\n    steps:\n      - uses: actions\/checkout@v4\n      - name: Run Snyk to check for vulnerabilities\n        uses: snyk\/actions\/node@master\n        continue-on-error: true\n        env:\n          SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}\n  
DAST:\n    runs-on: ubuntu-latest\n    needs: SCA\n    name: DAST - ZAP\n    steps:\n      - name: Checkout\n        uses: actions\/checkout@v4\n        with:\n          ref: main\n      - name: ZAP Scan\n        uses: zaproxy\/action-baseline@v0.11.0\n        with:\n          target: 'http:\/\/example.com\/'\n<\/code><\/pre>\n<div class=\"highlight__panel js-actions-panel\">\n<div class=\"highlight__panel-action js-fullscreen-code-action\">\n    <svg xmlns=\"http:\/\/www.w3.org\/2000\/svg\" width=\"20px\" height=\"20px\" viewbox=\"0 0 24 24\" class=\"highlight-action crayons-icon highlight-action--fullscreen-on\"><title>\u0648\u0627\u0631\u062f \u062d\u0627\u0644\u062a \u062a\u0645\u0627\u0645 \u0635\u0641\u062d\u0647 \u0634\u0648\u06cc\u062f<\/title>\n    <path d=\"M16 3h6v6h-2V5h-4V3zM2 3h6v2H4v4H2V3zm18 16v-4h2v6h-6v-2h4zM4 19h4v2H2v-6h2v4z\"\/>\n<\/svg><\/p>\n<p>    <svg xmlns=\"http:\/\/www.w3.org\/2000\/svg\" width=\"20px\" height=\"20px\" viewbox=\"0 0 24 24\" class=\"highlight-action crayons-icon highlight-action--fullscreen-off\"><title>\u0627\u0632 \u062d\u0627\u0644\u062a \u062a\u0645\u0627\u0645 \u0635\u0641\u062d\u0647 \u062e\u0627\u0631\u062c \u0634\u0648\u06cc\u062f<\/title>\n    <path d=\"M18 7h4v2h-6V3h2v4zM8 9H2V7h4V3h2v6zm10 8v4h-2v-6h6v2h-4zM8 15v6H6v-4H2v-2h6z\"\/>\n<\/svg><\/p>\n<\/div>\n<\/div>\n<\/div>\n<h2><span class=\"ez-toc-section\" id=\"%D8%B9%DB%8C%D8%A8_%DB%8C%D8%A7%D8%A8%DB%8C\"><\/span>\n<p>  \u0639\u06cc\u0628 \u06cc\u0627\u0628\u06cc<br \/>\n<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>\u0645\u062a\u0648\u062c\u0647 \u062e\u0648\u0627\u0647\u06cc\u062f \u0634\u062f \u06a9\u0647 \u06af\u0632\u0627\u0631\u0634 \u067e\u0648\u0634\u0634 \u062a\u0633\u062a \u0648\u0627\u062d\u062f \u0634\u0645\u0627 \u062f\u0631 SonarCloud \u0622\u067e\u0644\u0648\u062f \u0646\u0645\u06cc \u0634\u0648\u062f.  
\u0628\u0631\u0627\u06cc \u0631\u0641\u0639 \u0627\u06cc\u0646 \u0645\u0634\u06a9\u0644\u060c \u06cc\u06a9 \u0641\u0627\u06cc\u0644 sonar-project.properties \u062f\u0631 \u0631\u06cc\u0634\u0647 \u0645\u062e\u0632\u0646 \u062e\u0648\u062f \u0627\u06cc\u062c\u0627\u062f \u06a9\u0646\u06cc\u062f.  \u0627\u06cc\u0646 \u0641\u0627\u06cc\u0644 \u0628\u0647 \u0633\u0648\u0646\u0627\u0631 \u0627\u0637\u0644\u0627\u0639 \u0645\u06cc\u200c\u062f\u0647\u062f \u06a9\u0647 \u06af\u0632\u0627\u0631\u0634\u200c\u0647\u0627\u06cc \u067e\u0648\u0634\u0634 \u06a9\u062f \u0634\u0645\u0627 \u0631\u0627 \u06a9\u062c\u0627 \u0628\u0627\u0632\u06cc\u0627\u0628\u06cc \u06a9\u0646\u062f.<\/p>\n<div class=\"highlight js-code-highlight\">\n<pre class=\"highlight plaintext\"><code>sonar.organization=[INPUT_YOUR_ORGANISATION]\nsonar.projectKey=[INPUT_YOUR_PROJECT_KEY]\n\n# relative paths to source directories. More details and properties are described\n# in https:\/\/sonarcloud.io\/documentation\/project-administration\/narrowing-the-focus\/\nsonar.sources=.\nsonar.exclusions=**\/tests\/*.js\nsonar.language=js\n\nsonar.javascript.lcov.reportPaths=.\/coverage\/lcov.info\nsonar.testExecutionReportPaths=.\/test-report.xml\n\nsonar.sourceEncoding=UTF-8\n<\/code><\/pre>\n<div class=\"highlight__panel js-actions-panel\">\n<div class=\"highlight__panel-action js-fullscreen-code-action\">\n    <svg xmlns=\"http:\/\/www.w3.org\/2000\/svg\" width=\"20px\" height=\"20px\" viewbox=\"0 0 24 24\" class=\"highlight-action crayons-icon highlight-action--fullscreen-on\"><title>\u0648\u0627\u0631\u062f \u062d\u0627\u0644\u062a \u062a\u0645\u0627\u0645 \u0635\u0641\u062d\u0647 \u0634\u0648\u06cc\u062f<\/title>\n    <path d=\"M16 3h6v6h-2V5h-4V3zM2 3h6v2H4v4H2V3zm18 16v-4h2v6h-6v-2h4zM4 19h4v2H2v-6h2v4z\"\/>\n<\/svg><\/p>\n<p>    <svg xmlns=\"http:\/\/www.w3.org\/2000\/svg\" width=\"20px\" height=\"20px\" viewbox=\"0 0 24 24\" class=\"highlight-action crayons-icon 
highlight-action--fullscreen-off\"><title>\u0627\u0632 \u062d\u0627\u0644\u062a \u062a\u0645\u0627\u0645 \u0635\u0641\u062d\u0647 \u062e\u0627\u0631\u062c \u0634\u0648\u06cc\u062f<\/title>\n    <path d=\"M18 7h4v2h-6V3h2v4zM8 9H2V7h4V3h2v6zm10 8v4h-2v-6h6v2h-4zM8 15v6H6v-4H2v-2h6z\"\/>\n<\/svg><\/p>\n<\/div>\n<\/div>\n<\/div>\n<h2><span class=\"ez-toc-section\" id=\"%D9%85%D9%86%D8%A7%D8%A8%D8%B9\"><\/span>\n<p>  \u0645\u0646\u0627\u0628\u0639<br \/>\n<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>\u0628\u0631\u0627\u06cc \u0645\u062b\u0627\u0644 \u06a9\u0627\u0631 \u0645\u06cc \u062a\u0648\u0627\u0646\u06cc\u062f \u0628\u0647 \u0645\u062e\u0632\u0646 \u0645\u0646 \u0645\u0631\u0627\u062c\u0639\u0647 \u06a9\u0646\u06cc\u062f <\/p>\n<p>\u0628\u0647 \u0633\u0644\u0627\u0645\u062a\u06cc!<\/p>\n<\/p><\/div>\n","protected":false},"excerpt":{"rendered":"<p>\u0645\u0642\u062f\u0645\u0647 &#8211; \u062a\u0648\u0644\u062f DevSecOps \u062f\u0627\u0633\u062a\u0627\u0646 DevSecOps \u062f\u0627\u0633\u062a\u0627\u0646 \u062a\u0648\u0633\u0639\u0647 \u0646\u0631\u0645 \u0627\u0641\u0632\u0627\u0631 \u0631\u0627 \u0627\u0632 \u0646\u0632\u062f\u06cc\u06a9 \u062f\u0646\u0628\u0627\u0644 \u0645\u06cc \u06a9\u0646\u062f. \u0645\u0627 \u062f\u06cc\u062f\u06cc\u0645 \u06a9\u0647 \u0686\u06af\u0648\u0646\u0647 \u0635\u0646\u0639\u062a \u0627\u0632 Waterfall \u0628\u0647 Agile \u0645\u0646\u062a\u0642\u0644 \u0634\u062f \u0648 \u0647\u0645\u0647 \u0686\u06cc\u0632 \u0628\u0639\u062f \u0627\u0632 Agile \u062a\u063a\u06cc\u06cc\u0631 \u06a9\u0631\u062f. \u0628\u0627 \u0686\u0631\u062e\u0647 \u0647\u0627\u06cc \u062a\u0648\u0633\u0639\u0647 \u0628\u0633\u06cc\u0627\u0631 \u06a9\u0648\u062a\u0627\u0647 \u062a\u0631\u060c \u0646\u06cc\u0627\u0632 \u0628\u0647 \u0627\u0633\u062a\u0642\u0631\u0627\u0631 \u0633\u0631\u06cc\u0639\u062a\u0631 \u062f\u0631 \u062a\u0648\u0644\u06cc\u062f \u0646\u06cc\u0632 \u0648\u062c\u0648\u062f \u062f\u0627\u0634\u062a. 
\u062f\u06cc\u06af\u0631 \u0628\u0631\u0627\u06cc \u062a\u06cc\u0645\u200c\u0647\u0627\u06cc \u0627\u0645\u0646\u06cc\u062a\u06cc &hellip;<\/p>\n","protected":false},"author":2,"featured_media":66875,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"fifu_image_url":"","fifu_image_alt":"","footnotes":""},"categories":[339],"tags":[],"class_list":["post-66874","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-dev"],"_links":{"self":[{"href":"https:\/\/nabfollower.com\/blog\/wp-json\/wp\/v2\/posts\/66874","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/nabfollower.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/nabfollower.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/nabfollower.com\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/nabfollower.com\/blog\/wp-json\/wp\/v2\/comments?post=66874"}],"version-history":[{"count":0,"href":"https:\/\/nabfollower.com\/blog\/wp-json\/wp\/v2\/posts\/66874\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/nabfollower.com\/blog\/wp-json\/wp\/v2\/media\/66875"}],"wp:attachment":[{"href":"https:\/\/nabfollower.com\/blog\/wp-json\/wp\/v2\/media?parent=66874"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/nabfollower.com\/blog\/wp-json\/wp\/v2\/categories?post=66874"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/nabfollower.com\/blog\/wp-json\/wp\/v2\/tags?post=66874"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}